RE: [fw-wiz] (no subject)
From: Noonan, Wesley (Wesley_Noonan@bmc.com)
Date: 11/22/02
- Next message: Skip Frizzell: "Re: [fw-wiz] (no subject)"
- Previous message: Dean Pullen: "[fw-wiz] (no subject)"
- Maybe in reply to: Dean Pullen: "[fw-wiz] (no subject)"
- Next in thread: Skip Frizzell: "Re: [fw-wiz] (no subject)"
From: "Noonan, Wesley" <Wesley_Noonan@bmc.com>
To: "'Dean Pullen'" <deanpullen@yahoo.com>, firewall-wizards@honor.icsalabs.com
Date: Fri Nov 22 15:56:00 2002
I am not sure why you require it in your DMZ. If you need something to act
as a bastion or proxy for SMTP email, why not use a cheapware SMTP server on
something like Linux? Even if you do need Exchange, you shouldn't need
domain rights to just do SMTP.
If you need it to provide external access to email, I would look at
something like OWA instead.
As for what to open, here is a sample from a PIX that I did a while ago
(sorry it is in conduit format):

    conduit permit udp host 172.16.1.1 eq netbios-ns host 10.100.0.10
    conduit permit udp host 172.16.1.1 eq netbios-dgm host 10.100.0.10
    conduit permit tcp host 172.16.1.1 eq 139 host 10.100.0.10
    conduit permit udp host 172.16.1.1 eq 139 host 10.100.0.10
    conduit permit tcp host 172.16.1.1 eq 135 host 10.100.0.10

It provided access from the DMZ host to the DC. I think that 135 and 139 may
not have needed to be opened (I don't recall for sure and I don't have a
latest config to see if I removed them or not).

Thanks.
Wes Noonan, MCSE/CCNA/CCDA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan@bmc.com
http://www.bmc.com
> -----Original Message-----
> From: Dean Pullen [mailto:deanpullen@yahoo.com]
> Sent: Friday, November 22, 2002 12:04
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] (no subject)
>
> Hi guys,
>
> I've basically been told that we require an Exchange
> system operated within our DMZ setup. After much
> reading I've decided to go for a front-end, back-end
> Exchange system, with the Exchange front-end in the DMZ
> and the back-end in the LAN. However, even though I've
> opened up all the ports specified in MS' white papers
> between the DMZ and LAN, I cannot connect to the
> domain/active directory from the Front-End server. How
> do I go about this? I mean all I am trying at the
> moment is to connect to our internal Domain by
> accessing the network ID in the My Computer properties
> and trying typing in the Domain. Do I have to do
> anything else?! Sorry for my amateurishness(!) but
> we're a small firm and cannot afford a fully-fledged
> exchange specialist, thus I'm doing it!
>
> Thanks in advance.
>
> Dean Pullen.
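Added example, not part of the original thread or written by either poster: a short Python review of the five conduit rules quoted in the reply, resolving the PIX port keywords and flagging any rule whose transport the named service does not use. The function names `parse_conduit` and `review` and the service table are assumptions of this example, and it handles only the `host ... eq ... host` rule form shown in the message.

```python
import re

# PIX port keywords that appear in the quoted rules.
PORT_KEYWORDS = {"netbios-ns": 137, "netbios-dgm": 138}

# Assumed service table (standard port usage, not taken from the message):
# port -> (transports the service runs over, service name).
SERVICES = {
    135: ({"tcp", "udp"}, "MS RPC endpoint mapper"),
    137: ({"tcp", "udp"}, "NetBIOS name service"),
    138: ({"udp"}, "NetBIOS datagram service"),
    139: ({"tcp"}, "NetBIOS session service"),
}

# conduit permit|deny <proto> host <destination> eq <port> host <source>
RULE = re.compile(r"conduit\s+(permit|deny)\s+(tcp|udp)\s+host\s+(\S+)"
                  r"\s+eq\s+(\S+)\s+host\s+(\S+)\s*$")

# The five rules quoted in the message.
SAMPLE = """\
conduit permit udp host 172.16.1.1 eq netbios-ns host 10.100.0.10
conduit permit udp host 172.16.1.1 eq netbios-dgm host 10.100.0.10
conduit permit tcp host 172.16.1.1 eq 139 host 10.100.0.10
conduit permit udp host 172.16.1.1 eq 139 host 10.100.0.10
conduit permit tcp host 172.16.1.1 eq 135 host 10.100.0.10
"""

def parse_conduit(line):
    """Parse one host-to-host conduit rule into a dict; ValueError if malformed."""
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported conduit rule: {line!r}")
    action, proto, dst, port, src = m.groups()
    number = PORT_KEYWORDS[port] if port in PORT_KEYWORDS else int(port)
    return {"action": action, "proto": proto, "dst": dst, "port": number, "src": src}

def review(config):
    """Return (proto, port, service, needs_review) for every rule in config."""
    rows = []
    for line in filter(str.strip, config.splitlines()):
        rule = parse_conduit(line)
        transports, name = SERVICES.get(rule["port"], (set(), "unknown service"))
        # Flag rules whose transport the named service does not use.
        rows.append((rule["proto"], rule["port"], name,
                     rule["proto"] not in transports))
    return rows

if __name__ == "__main__":
    for proto, port, name, flag in review(SAMPLE):
        print(f"{proto}/{port:<4} {name:<26} {'REVIEW' if flag else 'ok'}")
```

Rules marked REVIEW are candidates for removal once traffic logs confirm nothing depends on them.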